Skip Menu |
Report information
Id: 132164
Status: new
Priority: 0/
Queue: perl5

Owner: Nobody
Requestors: brian.carpenter [at] gmail.com
Cc:
AdminCc:

Operating System: (no value)
PatchStatus: (no value)
Severity: low
Type: unknown
Perl Version: (no value)
Fixed In: (no value)



Date: Tue, 26 Sep 2017 01:12:02 -0500
From: Brian Carpenter <brian.carpenter [...] gmail.com>
Subject: unsigned integer overflow in S_study_chunk (regcomp.c:5444)
To: perlbug [...] perl.org
Download (untitled) / with headers
text/plain 822b
Triggered while fuzzing v5.27.4-28-g60dfa51 ./perl -e 'm m0*0+\Rm' regcomp.c:5444:26: runtime error: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'long' #0 0xc36484 in S_study_chunk /root/perl/regcomp.c:5444:26 #1 0xb7c063 in Perl_re_op_compile /root/perl/regcomp.c:7574:11 #2 0x567839 in Perl_pmruntime /root/perl/op.c:5888:6 #3 0xaf495b in Perl_yyparse /root/perl/perly.y:1210:23 #4 0x7289f7 in S_parse_body /root/perl/perl.c:2450:9 #5 0x714363 in perl_parse /root/perl/perl.c:1753:2 #6 0x50af99 in main /root/perl/perlmain.c:121:18 #7 0x7fd350558b44 in __libc_start_main /build/glibc-6V9RKT/glibc-2.19/csu/libc-start.c:287 #8 0x43c01b in _start (/root/perl/perl+0x43c01b) SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior regcomp.c:5444:26
From: Brian Carpenter <brian.carpenter [...] gmail.com>
Subject: Re: [perl #132164] perlbug AutoReply: unsigned integer overflow in S_study_chunk (regcomp.c:5444)
Date: Tue, 26 Sep 2017 01:19:04 -0500
To: perlbug-followup [...] perl.org
Whoops, that should be "signed" not unsigned.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

For issues related to this RT instance (aka "perlbug"), please contact perlbug-admin at perl.org